package com.star.vrserver.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import sun.security.util.SecurityConstants;

import java.util.Arrays;

import static java.util.Collections.singletonList;
import static org.springframework.security.config.Customizer.withDefaults;

/**
 * @author star
 * @date 2023-03-11 14:29
 * @Description SpringSecurity的配置类：实现单点登录等权限认证
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
//    private final StringRedisTemplate stringRedisTemplate;
//
//    public SpringSecurityConfig(StringRedisTemplate stringRedisTemplate) {
//        this.stringRedisTemplate = stringRedisTemplate;
//    }
//
//    /**
//     * 密码编码器
//     */
//    @Bean
//    public BCryptPasswordEncoder bCryptPasswordEncoder() {
//        return new BCryptPasswordEncoder();
//    }


//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http.cors(withDefaults())
//                // 禁用 CSRF
//                .csrf().disable()
//                .authorizeRequests()
//                // 指定的接口直接放行
//                // swagger
//                .antMatchers(SecurityConstants.SWAGGER_WHITELIST).permitAll()
//                .antMatchers(SecurityConstants.H2_CONSOLE).permitAll()
//                .antMatchers(HttpMethod.POST, SecurityConstants.SYSTEM_WHITELIST).permitAll()
//                // 其他的接口都需要认证后才能请求
//                .anyRequest().authenticated()
//                .and()
//                //添加自定义Filter
//                .addFilter(new JwtAuthorizationFilter(authenticationManager(), stringRedisTemplate))
//                // 不需要session（不创建会话）
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
//                // 授权异常处理
//                .exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
//                .accessDeniedHandler(new JwtAccessDeniedHandler());
//        // 防止H2 web 页面的Frame 被拦截
//        http.headers().frameOptions().disable();
//    }
//
//    /**
//     * Cors配置优化
//     **/
//    @Bean
//    CorsConfigurationSource corsConfigurationSource() {
//        org.springframework.web.cors.CorsConfiguration configuration = new CorsConfiguration();
//        configuration.setAllowedOrigins(singletonList("*"));
//        // configuration.setAllowedOriginPatterns(singletonList("*"));
//        configuration.setAllowedHeaders(singletonList("*"));
//        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "DELETE", "PUT", "OPTIONS"));
//        configuration.setExposedHeaders(singletonList(SecurityConstants.TOKEN_HEADER));
//        configuration.setAllowCredentials(false);
//        configuration.setMaxAge(3600L);
//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//        source.registerCorsConfiguration("/**", configuration);
//        return source;
//    }

}
